Bug#: 192712
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2007-09-16 18:05 0000
net-misc/nx contains a modified version of XFree86 4.3.0 in the file
nx-X11-2.1.0-3.tar.gz. That file contains xfree code from February 2003 that
is, by itself, vulnerable to several issues reported since then. I am unaware
whether the package was patched for some of the earlier issues, but I verified
the code is unpatched for:

* CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList
function in the XC-MISC extension)
in nx-X11/programs/Xserver/Xext/xcmisc.c

* CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in
bdfread.c)
in nx-x11/lib/font/bitmap/bdfread.c

* CVE-2007-1352 (Integer overflow in the FontFileInitTable function)
in nx-x11/lib/font/fontfile/fontdir.c

* CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in
ImUtil.c, and (2) XInitImage)
in nx-x11/lib/X11/ImUtil.c

* CVE-2006-6101 CVE-2006-6102 CVE-2006-6103 (Multiple integer overflows in dbe
and render extensions)

* CVE-2006-3739 CVE-2006-3740 (Integer overflows in handling CID encoded Type1
fonts)

This code is compiled and statically linked into the nxagent (nx X server)
executable. I believe the privilege escalations are not issues here because
nxagent is running with user rights. Nevertheless some might be a security
problem.

As far as I saw, nx is only used for the GPL NX server "nxserver-freenx" and
not for nxserver-freeedition. nx is stable on x86 as per bug 180040.
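
The issues listed in the report above are integer overflows, the first of them (CVE-2007-1003) in the size handed to an allocation. As an added illustration that is not part of the original report and is not code from nx-X11, the C sketch below shows that bug class next to the bounds check that closes it; every name in it is hypothetical and 32-bit size arithmetic is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration of the bug class; hypothetical names,
 * not taken from the nx-X11 or XFree86 sources. */
typedef uint32_t xid_t;

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic,
 * so a large client-supplied count wraps modulo 2^32 and yields a
 * buffer far smaller than the loop that later fills it expects. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(xid_t);
}

/* Guard: the multiplication is safe only if count fits in
 * UINT32_MAX / sizeof(element). Returns 1 if safe, 0 if not. */
int alloc_size_ok(uint32_t count)
{
    return count <= UINT32_MAX / sizeof(xid_t);
}

/* Hardened allocation: reject the request before multiplying.
 * Returns NULL when the count is rejected or malloc fails. */
xid_t *alloc_id_list(uint32_t count)
{
    if (!alloc_size_ok(count))
        return NULL;                      /* caller reports an allocation error */
    uint32_t nbytes = count * (uint32_t)sizeof(xid_t);
    return malloc(nbytes ? nbytes : 1);   /* avoid a zero-byte request */
}

int main(void)
{
    uint32_t hostile = 0x40000001u;       /* constructed sample count */
    printf("unchecked size for %u elements: %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_alloc_size(hostile));
    printf("hardened allocator accepts it: %s\n",
           alloc_id_list(hostile) ? "yes" : "no");
    xid_t *ok = alloc_id_list(16);
    printf("hardened allocator accepts 16: %s\n", ok ? "yes" : "no");
    free(ok);
    return 0;
}
```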

------- Comment #1 From Robert Buchholz 2007-09-16 18:43:05 0000 -------
nx, what's your advice?

------- Comment #2 From Bernard Cafarelli 2007-09-16 21:55:45 0000 -------
net-misc/nxnode's (for the freeedition server) nxagent is built from the same
code, so it's vulnerable as well

The 2.x branch (based on xfree) is not maintained anymore upstream, replaced in
favor of 3.x (xorg-based and maintained).

So I'd recommend dropping nxnode 2.1* (and nxserver-freeedition 2.1 that only
works with it), and only leave 3.0: this will require x86 stabilization for
nxclient-3.0.0-r3 (3.0 version is required by nxnode 3.0), nxnode-3.0.0-r2 and
nxserver-freeedition-3.0.0-r2

For freenx, a patch was released to get freenx-0.7 working with a nx-3.0
package. I have to make new nx and nxserver-freenx packages for that, after
that we can test (and mark) them stable on x86, and drop the remaining 2.x
packages

------- Comment #3 From Robert Buchholz 2007-09-16 23:10:47 0000 -------
Setting whiteboard to B2 because the codebase might allow code execution when
using manipulated fonts with the old freetype code. [1] The vulnerabilities
quoted above are privilege escalations and I do not think they're an issue
here.

[1] http://secunia.com/advisories/21446/

Bernard, thanks for pointing out the dependencies. To sum up, we have two
vulnerable packages:
1) net-misc/nx-2.1.0
2) net-misc/nxnode-2.1.0

------- Comment #4 From Bernard Cafarelli 2007-09-18 10:00:40 0000 -------
net-misc/nx-3.0.0 and net-misc/nxserver-freenx-0.7.0-r1 (that works with nx3)
are in portage now

------- Comment #5 From Robert Buchholz 2007-09-18 10:23:33 0000 -------
Thanks a lot, Bernard.

x86, please test and mark stable:
net-misc/nx
net-misc/nxclient
net-misc/nxnode
net-misc/nxserver-freeedition
(all in the latest 3.0.0 versions)

net-misc/nxserver-freenx-0.7.0-r1

------- Comment #6 From Torsten Kaiser 2007-09-18 17:34:54 0000 -------
I see a new net-misc/nx-3.0.0:
nx-3.0.0.ebuild 1.1   8 hours   voyageur   Version bump to new 3.0.0 branch,...
but nothing in net-misc/nxserver-freenx:
nxserver-freenx-0.6.0.ebuild 1.5   2 months   opfer   stable x86, bug 180040 
nxserver-freenx-0.7.0.ebuild 1.1   5 weeks   voyageur   Version bump 
(from sources.gentoo.org/viewcvs.py)

CVS commit borked? Because the freenx-0.7.0 version in portage still depends on
~net-misc/nx-2.1.0

------- Comment #7 From Robert Buchholz 2007-09-18 17:49:19 0000 -------
Seems like the new freenx was committed after the comment here, but it's in CVS
now.

------- Comment #8 From Bernard Cafarelli 2007-09-18 17:58:15 0000 -------
Sorry for the delay, I missed the enter key after "repoman commit", and only
realized it when I did not see it appear on mirrors at the same time as
nx-3.0.0. The new version is 0.7.0-r1, not 0.7.0 (a patch is needed to use nx
3.0.0)

------- Comment #9 From Christian Faulhammer 2007-09-19 16:59:03 0000 -------
 * Running NoMachine's update script
NX> 701 Updating: server at: Mi Sep 19 16:44:59 2007.
NX> 701 Autodetected system: gentoo.
NX> 701 Update log is: /usr/NX/var/log/update.
NX> 701 Checking NX server configuration using /usr/NX/etc/server.cfg file.
NX> 701 ERROR: Output: chown: cannot access
`/usr/NX/etc/keys/node.localhost.id_dsa': No such file or directory.
NX> 701 ERROR: Cannot set ownership attributes for
'/usr/NX/etc/keys/node.localhost.id_dsa' to 'nx:root'.
 *
 * ERROR: net-misc/nxserver-freeedition-3.0.0-r3 failed.

------- Comment #10 From Bernard Cafarelli 2007-09-19 22:54:34 0000 -------
/usr/NX/etc/server.cfg is created by the setup script on first installation, at
that time the files in /usr/NX/etc/keys are created. So when updating
(determined by server.cfg already existing in the ebuild), these files should
be there... A leftover incorrect /usr/NX/etc/server.cfg ?

------- Comment #11 From Christian Faulhammer 2007-09-20 12:48:04 0000 -------
x86 stable, last arch, glsa to be requested, thus changing whiteboard

------- Comment #12 From Pierre-Yves Rofes 2007-09-20 13:01:15 0000 -------
glsa request filed.

------- Comment #13 From Pierre-Yves Rofes 2007-10-09 22:45:16 0000 -------
GLSA 200710-09
